This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-2402.NASLEulerOS 2.0 SP2 : httpd (EulerOS-SA-2019-2402)
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
7.7 High
AI Score
Confidence
High
0.011 Low
EPSS
Percentile
84.1%
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
-
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the ‘Location’ or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23).
Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).(CVE-2016-4975) -
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.(CVE-2018-1301)
-
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a ‘Session’ header. This comes from the ‘HTTP_SESSION’ variable name used by mod_session to forward its data to CGIs, since the prefix ‘HTTP_’ is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.(CVE-2018-1283)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(131894);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/04");
script_cve_id("CVE-2016-4975", "CVE-2018-1283", "CVE-2018-1301");
script_name(english:"EulerOS 2.0 SP2 : httpd (EulerOS-SA-2019-2402)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the httpd packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- Possible CRLF injection allowing HTTP response
splitting attacks for sites which use mod_userdir. This
issue was mitigated by changes made in 2.4.25 and
2.2.32 which prohibit CR or LF injection into the
'Location' or other outbound header key or value. Fixed
in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23).
Fixed in Apache HTTP Server 2.2.32 (Affected
2.2.0-2.2.31).(CVE-2016-4975)
- A specially crafted request could have crashed the
Apache HTTP Server prior to version 2.4.30, due to an
out of bound access after a size limit is reached by
reading the HTTP header. This vulnerability is
considered very hard if not impossible to trigger in
non-debug mode (both log and build level), so it is
classified as low risk for common server
usage.(CVE-2018-1301)
- In Apache httpd 2.4.0 to 2.4.29, when mod_session is
configured to forward its session data to CGI
applications (SessionEnv on, not the default), a remote
user may influence their content by using a 'Session'
header. This comes from the 'HTTP_SESSION' variable
name used by mod_session to forward its data to CGIs,
since the prefix 'HTTP_' is also used by the Apache
HTTP Server to pass HTTP header fields, per CGI
specifications.(CVE-2018-1283)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2402
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7403ff2b");
script_set_attribute(attribute:"solution", value:
"Update the affected httpd packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4975");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-manual");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:httpd-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:mod_ssl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["httpd-2.4.6-45.0.1.4.h14",
"httpd-devel-2.4.6-45.0.1.4.h14",
"httpd-manual-2.4.6-45.0.1.4.h14",
"httpd-tools-2.4.6-45.0.1.4.h14",
"mod_ssl-2.4.6-45.0.1.4.h14"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | httpd | p-cpe:/a:huawei:euleros:httpd |
| huawei | euleros | httpd-devel | p-cpe:/a:huawei:euleros:httpd-devel |
| huawei | euleros | httpd-manual | p-cpe:/a:huawei:euleros:httpd-manual |
| huawei | euleros | httpd-tools | p-cpe:/a:huawei:euleros:httpd-tools |
| huawei | euleros | mod_ssl | p-cpe:/a:huawei:euleros:mod_ssl |
| huawei | euleros | 2.0 | cpe:/o:huawei:euleros:2.0 |
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
7.7 High
AI Score
Confidence
High
0.011 Low
EPSS
Percentile
84.1%